Vulnerable WordPress Plugins Report for the Week of February 1, 2019

Vulnerable Plugins

Twelve disclosures since last week, with four issues unfixed. The most serious is an Arbitrary File Upload vulnerability in the plugin Slider by 10Web. It appears that the developer is trying to fix the issue, but as of right now (2:00PM CST) it remains unavailable in the public repository. You are encouraged to remove the plugin until the developer is able to correct the issue.

Other WordPress Security News

WordPress 5.1 Beta 3 was released yesterday. Due to growing security concerns, the White-Screen-of-Death protection has been removed and is now slated for inclusion in version 5.2. Version 5.1 is still scheduled for release on February 21st.